Secure Your GoodData Deployment
Security is a shared responsibility. To achieve a high degree of information security you should, among other consideration, review the points outlined in this section and establish adequate safeguards and measures.
General Security Considerations for All Deployments
To safeguard your environment, implement these security measures:
- Establish an Identity and Access Management (IAM) system. Configure password policies and session timeout according to your corporate standards.
- Manage technical accounts, privileged API tokens, and credential management, such as for declarative use.
- Regularly update GoodData SDKs and frameworks to ensure the latest security baselines are being utilized.
- Monitor GoodData release notes and service notifications for new security capabilities or security alerts.
- Set up logging and monitoring/alerting for your solution on top of GoodData Cloud, adhering to your corporate standards and security requirements.
- If using DDoS prevention (like CloudFlare), ensure it covers the GoodData application.
Establish security features for client multitenancy, user security, and privacy:
- Implement Workspace Hierarchy.
- Use Workspace and User Data Filters.
- Establish User Groups and Permissions.
Secure your web application:
- Set up Cross-Origin Resource Sharing (CORS) and Content Security Policies (CSPs) based on your embedding model.
- If using GoodData.UI SDK, establish a procedure for regular updates.
Security Measures for GoodData Cloud Workloads
- Limit access to your data source (dedicated credentials, read-only data access with write access for caches).
- Secure the connection between your data warehouse and GoodData Cloud. Consider setting up AWS Private Link or use IP whitelisting, and ensure a valid TLS server certificate.